Skills
skills/maravilla-labs/maravilla-cli/maravilla-storage/Gen Agent Trust Hub

maravilla-storage

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion and processing of untrusted data from external uploads (such as PDFs, images, and videos) into the agent's context. \n
  • Ingestion points: The put, putStream, and generateUploadUrl methods in SKILL.md allow external data to enter the storage system. \n
  • Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from obeying instructions potentially embedded within these uploaded files. \n
  • Capability inventory: The skill provides capabilities to write to storage (put, putStream), delete files (delete), and perform network requests (demonstrated by fetch in client-side examples). \n
  • Sanitization: No content-level sanitization, validation, or escaping is specified for data retrieved from storage before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 10:38 PM